US11695559B2ActiveUtilityA1
Nested tenancy that permits a hierarchy having a plurality of levels
Est. expirySep 30, 2039(~13.2 yrs left)· nominal 20-yr term from priority
Inventors:Benjamin BusjaegerKoson ThambunditJeremy HorwitzMichael SgroiJeffrey M. BerganBenjamin FryBrian Robert Mcnamara
G06F 16/907G06F 16/9035H04L 63/10G06F 9/5072G06F 16/955H04L 63/1408H04L 9/3213
40
PatentIndex Score
0
Cited by
79
References
20
Claims
Abstract
A multi-tenant computer system implements a platform for providing data protection scopes to shared infrastructure services according to a nested tenant model that permits a hierarchy having a plurality of levels. The multi-tenant computer system provisions data protection scopes for cloud products, service products, cloud product tenants, service products operating in the context of cloud products, service products operating in the context of cloud product tenants, and combinations of the foregoing.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method, comprising:
implementing, by a computer system, a platform for providing data protection scopes to shared infrastructure services according to a nested tenancy model that permits a hierarchy having a plurality of levels, wherein a given level, of the plurality of levels in the hierarchy, is associated with a level of access to one or more of the shared infrastructure services;
receiving, by the computer system, a first request to provision, for a particular shared infrastructure service, a first data protection scope for a first cloud product having a first set of tenants, wherein a cloud product is software accessible to a set of tenants and operable to perform a set of functions for the set of tenants;
in response to the first request, provisioning the first data protection scope for the first cloud product at a top-most level of the hierarchy, wherein the top-most level of the hierarchy is associated with a particular level of access to the particular shared infrastructure service;
receiving, by the computer system, a second request to provision, for the particular shared infrastructure service, a second data protection scope for a second cloud product having a second, different set of tenants;
in response to the second request, provisioning the second data protection scope for the second cloud product at the top-most level of the hierarchy;
receiving, by the computer system, a third request to provision, for the particular shared infrastructure service, a third data protection scope for a service product, wherein the service product is software operable to access data on behalf of the first and second cloud products and/or tenants of the first and second cloud products;
in response to the third request, provisioning the third data protection scope for the service product at the top-most level of the hierarchy;
receiving, by the computer system, an access request from a remote computer system to access information associated with a particular data protection scope at a particular level of the hierarchy, wherein the access request is received via a URL that indicates the particular data protection scope; and
wherein adding 1) cloud products with different sets of tenants and 2) service products to the top-most level of the hierarchy permits the platform to scale without reconfiguring entities currently managed by the platform.
2. The method of claim 1 , further comprising:
provisioning, by the computer system, a fourth data protection scope for a particular one of the first set of tenants, wherein the fourth data protection scope is provisioned at a next level of the hierarchy;
wherein the fourth data protection scope is provisioned subordinately to the first data protection scope in the hierarchy.
3. The method of claim 2 ,
wherein provisioning the first data protection scope includes generating a cloud product identifier for the cloud product; and
wherein provisioning the fourth data protection scope includes generating a cloud product tenant identifier for the particular one of the first set of tenants, wherein the cloud product tenant identifier includes the cloud product identifier.
4. The method of claim 2 , wherein provisioning the fourth data protection scope includes storing an indicator of a trust relationship between the particular one of the first set of tenants and the cloud product.
5. The method of claim 1 , further comprising:
provisioning, by the computer system, a fourth data protection scope for a particular cloud product accessing the particular shared infrastructure service in the context of the service product;
wherein the fourth data protection scope is provisioned subordinately to the third data protection scope in the hierarchy.
6. The method of claim 5 , further comprising:
provisioning, by the computer system, a fifth data protection scope for a particular tenant of the particular cloud product accessing the particular shared infrastructure service in the context of the service product;
wherein the fifth data protection scope is provisioned subordinately to the fifth data protection scope in the hierarchy.
7. The method of claim 1 , further comprising:
provisioning, by the computer system, a single-tenant data protection scope at the top-most level of the hierarchy;
wherein there are no data protection scopes provisioned subordinately to the single-tenant data protection scope.
8. The method of claim 1 , further comprising:
receiving, by the computer system, an access request from a remote computer system to access information associated with a particular data protection scope at a particular level of the hierarchy;
wherein the access request includes an indicator of whether the particular data protection scope is authorized to submit the access request.
9. The method of claim 1 , wherein the particular shared infrastructure service includes a shared template service operable to:
provide one or more selectable database templates that define data types supported for a non-relational database accessible to an application;
service a request from the application to manipulate a particular data type defined by a selected database template;
in response to the request from the application, identify a set of data manipulation language (DML) instructions based on the selected database template; and
issue the identified set of DML instructions to the non-relational database.
10. A non-transitory, computer-readable storage medium storing program instructions that are capable of being executed by a computer system to perform operations comprising:
implementing a platform for providing data protection scopes to shared infrastructure services according to a nested tenancy model that permits a hierarchy having a plurality of levels, wherein a given level, of the plurality of levels in the hierarchy, is associated with a level of access to one or more of the shared infrastructure services;
receiving a first request to provision, for a particular shared infrastructure service, a first data protection scope for a first cloud product having a first set of tenants, wherein a cloud product is software accessible to a set of tenants and operable to perform a set of functions for the set of tenants;
in response to the first request, provisioning the first data protection scope for the first cloud product at a top-most level of the hierarchy, wherein the top-most level of the hierarchy is associated with a particular level of access to the particular shared infrastructure service;
receiving a second request to provision, for the particular shared infrastructure service, a second data protection scope for a second cloud product having a second, different set of tenants;
in response to the second request, provisioning the second data protection scope for the second cloud product at the top-most level of the hierarchy;
receiving a third request to provision, for the particular shared infrastructure service, a third data protection scope for a service product, wherein the service product is software operable to access data on behalf of the first and second cloud products and/or tenants of the first and second cloud products;
in response to the third request, provisioning the third data protection scope for the service product at the top-most level of the hierarchy;
receiving an access request from a remote computer system to access information associated with a particular data protection scope at a particular level of the hierarchy, wherein the access request is received via a URL that indicates the particular data protection scope; and
wherein adding 1) cloud products with different sets of tenants and 2) service products to the top-most level of the hierarchy permits the platform to scale without reconfiguring entities currently managed by the platform.
11. The non-transitory, computer-readable medium of claim 10 , wherein the operations further comprise:
provisioning a fourth data protection scope for a particular one of the first set of tenants, wherein the fourth data protection scope is provisioned at a next level of the hierarchy;
wherein the fourth data protection scope is provisioned subordinately to the first data protection scope in the hierarchy.
12. The non-transitory, computer-readable medium of claim 11 ,
wherein provisioning the first data protection scope includes generating a cloud product identifier for the cloud product; and
wherein provisioning the fourth data protection scope includes generating a cloud product tenant identifier for the particular one of the first set of tenants, wherein the cloud product tenant identifier includes the cloud product identifier.
13. The non-transitory, computer-readable medium of claim 11 , wherein provisioning the fourth data protection scope includes storing an indicator of a trust relationship between the particular one of the first set of tenants and the cloud product.
14. The non-transitory, computer-readable medium of claim 10 , wherein the operations further comprise:
provisioning a fourth data protection scope for a particular cloud product accessing the particular shared infrastructure service in the context of the service product, wherein the fourth data protection scope is provisioned subordinately to the third data protection scope in the hierarchy.
15. The non-transitory, computer-readable medium of claim 14 , wherein the operations further comprise:
provisioning a fifth data protection scope for a particular tenant of the particular cloud product accessing the particular shared infrastructure service in the context of the service product, wherein the fifth data protection scope is provisioned subordinately to the fourth data protection scope in the hierarchy.
16. A computer system, comprising:
a processor system;
a memory storing program instructions that are executable by the processor system to perform operations comprising:
implementing a platform for providing data protection scopes to shared infrastructure services according to a nested tenancy model that permits a hierarchy having a plurality of levels, wherein a given level, of the plurality of levels in the hierarchy, is associated with a level of access to one or more of the shared infrastructure services;
receiving a first request to provision, for a particular shared infrastructure service, a first data protection scope for a first cloud product having a first set of tenants, wherein a cloud product is software accessible to a set of tenants and operable to perform a set of functions for the set of tenants;
in response to the first request, provisioning the first data protection scope for the first cloud product at a top-most level of the hierarchy, wherein the top-most level of the hierarchy is associated with a particular level of access to the particular shared infrastructure service;
receiving a second request to provision, for the particular shared infrastructure service, a second data protection scope for a second cloud product having a second, different set of tenants;
in response to the second request, provisioning the second data protection scope for the second cloud product at the top-most level of the hierarchy;
receiving a third request to provision, for the particular shared infrastructure service, a third data protection scope for a service product, wherein the service product is software operable to access data on behalf of the first and second cloud products and/or tenants of the first and second cloud products;
in response to the third request, provisioning the third data protection scope for the service product at the top-most level of the hierarchy;
receiving an access request from a remote computer system to access information associated with a particular data protection scope at a particular level of the hierarchy, wherein the access request is received via a URL that indicates the particular data protection scope; and
wherein adding 1) cloud products with different sets of tenants and 2) service products to the top-most level of the hierarchy permits the platform to scale without reconfiguring entities currently managed by the platform.
17. The computer system of claim 16 , wherein the operations further comprise:
provisioning a single-tenant data protection scope at the top-most level of the hierarchy;
wherein there are no data protection scopes provisioned subordinately to the single-tenant data protection scope.
18. The computer system of claim 16 , further comprising:
receiving an access request from a remote computer system to access information associated with a particular data protection scope at a particular level of the hierarchy, wherein the access request includes an indicator of whether the particular data protection scope is authorized to submit the access request.
19. The computer system of claim 16 , wherein the particular shared infrastructure service provides a scheduling service.
20. The computer system of claim 16 , wherein the service product is software operable to access data on behalf of the first and second cloud products.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.